General availability of Office 365 CDN

Vesa Juvonen - Published April 21, 2017

We are excited to announce updates on our Office 365 Public Content Delivery Network (CDN) capability with great new features comparing to previously released preview functionality. We are also announcing preview for the completely new Publishing Feature Auto-Rewrite integration along with Private CDN. Office 365 Public CDN is now updated and fully available for first release tenants, with gradual release for normal tenants.

We are interested on your feedback and comments around this capability, so please use Microsoft Tech Community to provide input around this these new capabilities.

Office 365 Public CDN Overview

Static assets to be shared from CDN are uploaded to the SharePoint libraries, which are enabled as CDN origins.

Assets are being exposed from the configured libraries and folders and they can be accessed using CDN URLs.

URLs pointing to CDN location are available to be used in the SharePoint sites and in the customizations hosted from SharePoint.

Public CDN URLs for the assets are static and are not changed after the asset has been located to the CDN origin. You can either hard-code Public CDN URLs or leverage the Publishing Feature integration to get Auto-Rewriting to CDN URL.

Office 365 Private CDN with Publishing Auto-Rewriting Overview

Following picture defines the logical flow with Office 365 Private CDN, which is now in preview status and available from tenants with first release status.

Static assets to be shared from CDN are uploaded to the SharePoint libraries, which are enabled as CDN origins

Assets are available for being exposed through the CDN service when they are in the CDN origin for the Private CDN

When pages, with assets in the CDN origins, are being requested, SharePoint automatically rewrites the URLs point to the CDN URLs, so that client side browser is requesting these assets using CDN location

Assets being shared from the CDN origin must have a major version published and user access to these assets is being considered when the URL rewriting happens

The Private CDN URLs are dynamically generated by SharePoint Online. The Private CDN URL can only be generated if user has read permissions to the CDN origin (specifically the folder containing the asset). The Private CDN Urls contain tokens on the query string that are used to grant access to the asset. Having the Private CDN Url (with the tokens) is similar to having the asset itself. The tokens used to grant access are will expire after 1 hour. We ensure that the same asset will generate the same tokens across multiple requests with that 1 hour, this allows the browser cache to be leveraged during a user session.

Publishing Feature Auto-Rewriting to CDN URLs

One of the key scenarios we see for the Public / Private CDN feature is Intranet Portals. These sites often have lots of custom JS, CSS and Images. The Public / Private CDN feature will help improve the latency of these sites because the CDN assets are geo distributed so they are cached closer to the user and the CDN domain supports the HTTP/2 protocol which provides parallel downloading. This means we are no longer limited to 6 ports per domain like with HTTP/1.1.

To help customers take advantage of the CDN features without needing to rewrite their existing Portals, we integrated the Publishing Feature with the Public/Private CDN Feature. The Auto-Rewriting is also required to use the Private CDN features as those Urls are dynamically generated and cannot be hard-coded like Public CDN URLs.

Here is a summary of what Publishing Auto-Rewriting supports today for assets that are in CDN Origin Libraries.

SharePoint Image renditions are supported and will translate to CDN URL.

If you have suggestions for other features or web parts you would like to support CDN Auto-Rewriting, let us know and we will add them to our backlog. You can provide use input on the capability using Microsoft Tech Community.

New PowerShell cmdlets for CDN management

We have collected lot of feedback during the developer preview stage and have adjusted the implementation also on the PowerShell cmdlet side accordingly. Here are the new cmdlets related on the CDN capability.

Enables private or public CDN using default settings. Can be also used to disable private or public CDN.

Notice that when you are enabling CDN, it will be default enable default origins for the specific CDN type. If you do not want to do this, you can use -NoDefaultOrigins parameter when you execute Set-SPOTenantCdnEnabled cmdlet.

Get / Add /Remove-SPOTenantCdnOrigin(s)

Can be used to Get, Add and Remove CDN origins. Origins now support wildcards prepended to the Url. This allows you to create Origins that apply across sites. For example, an origin of “*/masterpage” would make the Master Page Gallery in all Sites available as CDN Origins.

The */ can only be present in the beginning of the path, matching on any number of URL segments.

The path does NOT have to be pointing to a doc library. If someone wanted to enable */site1, they can do so, and it will match on all the doc libraries under the site.

Get-SPOTenantCdnPolicies

Can be used to see current settings around the CDN policies for both public and private CDN. This cmdlet will return current configuration for the tenant policies.

Set-SPOTenantCdnPolicy

Can be used to configure tenant policies for both public and private CDN. You can use this one cmdlet for controlling following settings:

IncludeFileExtensions – File extensions which are enabled for CDN capability

ExcludeRestrictedSiteClassifications – You can use this to control possible exclusions for the CDN usage based on site classification (Site.Classification). This is useful when you are using wildcard origins, but want to exclude some sites from being CDN origins.

ExcludeIfNoScriptDisabled – Can be used to exclude CDN capability if NoScript setting is disabled. This feature is still in testing and is not enabled at the time of writing this post.

Video on getting started with Office 365 CDN

Following video shows how to get started with Office 365 CDN from administration perspective. It demonstrates different commands and their usage with Office 365 tenant.

Usage of Public CDN in SharePoint pages and in customizations

Assets hosted in public CDN origins can be accessed using well-known URL structure, which can be then referenced in your customizations, for example as hosting location for your SharePoint Framework client-side web part JavaScript files.

No. There is referrer filtering on the CDN URL requests. You can only reference assets from the CDN URLs when request is coming from SharePoint Online.

How can I validate CDN URL configuration?

You can perform CDN URL validation in Fiddler if you include correct referrer header for your request.

Add header “Referer: https://contoso.sharepoint.com” to the GET request

Alternatively you can manually create an URL pointing to an image in public CDN and reference that in SharePoint pages.

Once assets are published to the library, how soon can they be accessed via CDN?

There is a 15 minute delay to after adding a new Origin. Once assets are published in the Library they can be immediately requested using the CDN URL.

If I updated my assets in SharePoint site, will they be automatically refreshed in CDN?

Yes. We trigger a background work item to invalidate the CDN asset. Depending on the length of the queue this can take between 15 minutes to 1 hour.

Can I use CDN to host my SharePoint Framework client-side web part files?

Yes. You can use Public CDN to host your SharePoint Framework client-side web part files. You can enable CDN in your tenant and configure the right hosting location in client-side web part manifest. You cannot use however Private CDN for hosting (at least at the moment) since URL for that is not static. If you do not want to have these files anonymously exposed through CDN, you can also host them directly in SharePoint library with needed authentication. This would however mean that you would not have advantage of the performance improvements provided by CDN service. You can follow specific tutorial for the SharePoint Framework around hosting client-side web parts from Office 365 CDN.

Can I use both Public and Private CDN at the same time?

Yes, a common scenario is to use Public CDN for Design Assets (JS/CSS) that can be centrally managed to ensure they meets your requirements for Public CDN. Then use Private CDN for Author Content like Images.

What are the default file types for assets to be shared through CDN?

Public and private CDN have slightly different configuration, which is defined below.

I have enabled private CDN, but my assets seems to be referenced using normal URLs, what could be wrong?

Asset needs to have a published major version, so that it's being automatically handled by the auto-rewrite capability. Double check that you have published version available from library defined as CDN origin.

Can I enable CDN without default origins?

Yes. You can use -NoDefaultOrigins parameter with the Set-SPOTenantCdnEnabled cmdlet. This means that default CDN origins are not enabled by default.

Can I manually construct the URL for the static assets?

Yes, but only for public CDN. You can simply add public CDN URL as a prefix for the URL and construct the URL easily to point to a single file in library or folder.